CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-27410 – wifi: nl80211: reject iftype change with mesh ID change
https://notcve.org/view.php?id=CVE-2024-27410
In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: reject iftype change with mesh ID change It's currently possible to change the mesh ID when the interface isn't yet in mesh mode, at the same time as changing it into mesh mode. This leads to an overwrite of data in the wdev->u union for the interface type it currently has, causing cfg80211_change_iface() to do wrong things when switching. We could probably allow setting an interface to mesh while setting the mesh ID at the same time by doing a different order of operations here, but realistically there's no userspace that's going to do this, so just disallow changes in iftype when setting mesh ID. En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: wifi: nl80211: rechazar cambio de tipo con cambio de ID de malla Actualmente es posible cambiar el ID de malla cuando la interfaz aún no está en modo malla, al mismo tiempo que se cambia a modo malla. Esto lleva a una sobrescritura de datos en la unión wdev->u para el tipo de interfaz que tiene actualmente, causando que cfg80211_change_iface() haga cosas incorrectas al cambiar. Probablemente podríamos permitir configurar una interfaz para malla mientras configuramos la ID de malla al mismo tiempo haciendo un orden diferente de operaciones aquí, pero en realidad no hay ningún espacio de usuario que vaya a hacer esto, así que simplemente no permita cambios en iftype al configurar la ID de malla. • https://git.kernel.org/stable/c/7b0a0e3c3a88260b6fcb017e49f198463aa62ed1 https://git.kernel.org/stable/c/d38d31bbbb9dc0d4d71a45431eafba03d0bc150d https://git.kernel.org/stable/c/0cfbb26ee5e7b3d6483a73883f9f6157bca22ec9 https://git.kernel.org/stable/c/99eb2159680af8786104dac80528acd5acd45980 https://git.kernel.org/stable/c/063715c33b4c37587aeca2c83cf08ead0c542995 https://git.kernel.org/stable/c/930e826962d9f01dcd2220176134427358d112f2 https://git.kernel.org/stable/c/177d574be4b58f832354ab1ef5a297aa0c9aa2df https://git.kernel.org/stable/c/a2add961a5ed25cfd6a74f9ffb9e7ab6d •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-27409 – dmaengine: dw-edma: HDMA: Add sync read before starting the DMA transfer in remote setup
https://notcve.org/view.php?id=CVE-2024-27409
In the Linux kernel, the following vulnerability has been resolved: dmaengine: dw-edma: HDMA: Add sync read before starting the DMA transfer in remote setup The Linked list element and pointer are not stored in the same memory as the HDMA controller register. If the doorbell register is toggled before the full write of the linked list a race condition error will occur. In remote setup we can only use a readl to the memory to assure the full write has occurred. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: dmaengine: dw-edma: HDMA: Añadida lectura sincronizada antes de iniciar la transferencia DMA en la configuración remota. El elemento de la lista vinculada y el puntero no se almacenan en la misma memoria que el registro del controlador HDMA. Si el registro del timbre se activa antes de la escritura completa de la lista vinculada, se producirá un error de condición de ejecución. • https://git.kernel.org/stable/c/e74c39573d35e9ac441090ff8183aa3dc2540649 https://git.kernel.org/stable/c/227ef58a9b0c372efba422e8886a8015a1509eba https://git.kernel.org/stable/c/17be6f5cb223f22e4733ed8fe8b2247cbb677716 https://git.kernel.org/stable/c/712a92a48158e02155b4b6b21e03a817f78c9b7e •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-27408 – dmaengine: dw-edma: eDMA: Add sync read before starting the DMA transfer in remote setup
https://notcve.org/view.php?id=CVE-2024-27408
In the Linux kernel, the following vulnerability has been resolved: dmaengine: dw-edma: eDMA: Add sync read before starting the DMA transfer in remote setup The Linked list element and pointer are not stored in the same memory as the eDMA controller register. If the doorbell register is toggled before the full write of the linked list a race condition error will occur. In remote setup we can only use a readl to the memory to assure the full write has occurred. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: dmaengine: dw-edma: eDMA: Añadida lectura sincronizada antes de iniciar la transferencia DMA en la configuración remota. El elemento de la lista vinculada y el puntero no se almacenan en la misma memoria que el registro del controlador eDMA. Si el registro del timbre se activa antes de la escritura completa de la lista vinculada, se producirá un error de condición de ejecución. • https://git.kernel.org/stable/c/7e4b8a4fbe2cecab0959e862604803d063f50029 https://git.kernel.org/stable/c/d24fe6d5a1cfdddb7a9ef56736ec501c4d0a5fd3 https://git.kernel.org/stable/c/f396b4df27cfe01a99f4b41f584c49e56477be3a https://git.kernel.org/stable/c/bbcc1c83f343e580c3aa1f2a8593343bf7b55bba •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2023-52657 – Revert "drm/amd/pm: resolve reboot exception for si oland"
https://notcve.org/view.php?id=CVE-2023-52657
In the Linux kernel, the following vulnerability has been resolved: Revert "drm/amd/pm: resolve reboot exception for si oland" This reverts commit e490d60a2f76bff636c68ce4fe34c1b6c34bbd86. This causes hangs on SI when DC is enabled and errors on driver reboot and power off cycles. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: Revertir "drm/amd/pm: resolve reboot exception for si oland" Esto revierte la confirmación e490d60a2f76bff636c68ce4fe34c1b6c34bbd86. Esto provoca bloqueos en SI cuando DC está habilitado y errores en los ciclos de reinicio y apagado del controlador. • https://git.kernel.org/stable/c/e490d60a2f76bff636c68ce4fe34c1b6c34bbd86 https://git.kernel.org/stable/c/2e443ed55fe3ffb08327b331a9f45e9382413c94 https://git.kernel.org/stable/c/baac292852c0e347626fb5436916947188e5838f https://git.kernel.org/stable/c/c51468ac328d3922747be55507c117e47da813e6 https://git.kernel.org/stable/c/955558030954b9637b41c97b730f9b38c92ac488 •
CVSS: 8.4EPSS: 0%CPEs: 3EXPL: 0CVE-2024-27407 – fs/ntfs3: Fixed overflow check in mi_enum_attr()
https://notcve.org/view.php?id=CVE-2024-27407
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fixed overflow check in mi_enum_attr() En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: fs/ntfs3: Se corrigió la verificación de desbordamiento en mi_enum_attr() • https://git.kernel.org/stable/c/8c77398c72618101d66480b94b34fe9087ee3d08 https://git.kernel.org/stable/c/1c0a95d99b1b2b5d842e5abc7ef7eed1193b60d7 https://git.kernel.org/stable/c/652cfeb43d6b9aba5c7c4902bed7a7340df131fb • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •